Learn, Adapt, Master

What Does WhatsApp’s Privacy Mean For You?

No doubt many of you reading this article have already heard or even accepted the new T&C’s from WhatsApp, but what does this mean when talking about your privacy?

Well a yesterday WhatsApp published a blog post talking about updating they’re privacy policy for the first time in four years. The main take away from the blog post was the mention of sharing WhatsApp information such as your phone number with Facebook to better target advertisements and limit spam adverts.

This recent move has raised a few questions for many so I decided to take a deeper look into the WhatsApp policies to see if your information and privacy is actually at risk but before doing that let’s take a look at how end-to-end encryption works.

End-to-end encryption is now used with WhatsApp to encrypt user’s communication using something called ‘Text Secure’ by Open Whisper. This means only the sender and receiver can see the conversation and not even WhatsApps can apparently see the encrypted information. While we are on the subject I thought it would be beneficial to see how this end-to-end encryption solution works.

Below I have put together an example diagram which shows the following:

Sender wants to send the receiver a message so the sender requests the public key of the receiver which is forwarded to sender using the Text Secure server and a protocol called ‘Forward secrecy’. Note:Public keys are generated on install and none are stored on the Text Secure server.

Once the sender has received the public key of the receiver, the sender encrypts the message with the receiver’s public key and the message is relayed to the user through the server. The server will not be able to read the message as it doesn’t know the keys to de-crypt the message.

So with the above in mind one would think that everything is fine, well until you look further into the company’s policies. Based on my research into the company’s policies, I have found information that could suggest the company could use more than just your phone number to link your Facebook account and target advertisements.

Under the section “Information we collect” on the WhatsApp privacy policy they say that they might store media such as, and I quote “popular videos” on their servers for a longer period of time. This means some information could be stored on the WhatsApp servers although if the encryption is working the way it has been designed, all communication should be encrypted until forwarded to the correct destination.

WhatsApp mention that they will automatically collect usage and log information which includes information about your activity (how you use they’re services and how you interact with others). The reason I felt this section was particularly important was because this could be used to monitor behavior patterns, when your most active, what days and for how long. The logs collected are more than likely stored somewhere but for how long and what exactly do this longs contain? Maybe something WhatsApp can answer!

Transaction information could be collected if you pay for the WhatsApp service, this could include information from third parties that process your payment. So does this mean WhatsApp have the ability to store your card details once you have made payment through the app store? Unfortunately they don’t go into detail on the legal info page.

When WhatsApp is installed certain device information is collected, this includes:

– Hardware model– Operating System– Browser Information– IP address

WhatsApp could compile all this information, bulked together with the logs and monitor the devices you use for WhatsApp over a period of time and even collect approximate location details based on your IP address. All this information could be perfect for targeting ads to your Facebook account simply by seeing what devices you have used over time to install WhatsApp to targeting ads based on the public IP address used to install WhatsApp.

WhatsApp have also noted that they collect information about your online status, when you were last online and when you last updated your status. Again this information could be used to monitor your activity and target advertisements at a specific time. The information could also be used to see when your active on WhatsApp and when your active on Facebook and if you update both statuses when you are active. This isn’t taking into account the fact that logs may indeed collect your status messages, again WhatsApp doesn’t get into the details.

Towards the bottom of the legal information page WhatsApp let you know that they MIGHT share your information if they believe it is required. This includes transferring information to different countries if required. This point made me believe WhatsApp could potentially have enough information on an individual user to share if they needed to.

If you have got to this part and you have decided, you actually might want to delete WhatsApp….WAIT!

For a limited time WhatsApp are allowing users to Opt-out of sharing their information with Facebook. I have found a link that explains the process here. Opting out doesn’t mean WhatsApp will stop collecting this information, they will continue however, your phone number won’t be linked to Facebook.

If you still decide you would like to remove your account, you will need to ensure you delete the app using the ‘in-app delete’ function in the settings before uninstalling the application. WhatsApp state that if this isn’t done, they could be information stored on their servers for longer.

So there you have it everyone, make your own decision as to how you wish to proceed moving forward using WhatsApp, thanks for reading.

Advertisements

Share this:

Like this:

Published by iwiizkiid

I have over 3 year experience working with mainly Cisco products. My main interest areas are currently Routing & Switching and Security. I have multiple Cisco certifications and more recently was selected as a Cisco Champion.
View all posts by iwiizkiid